Acid Kor
(Backdoor.Win32.AcidShiver.kor)

by koR

Written in Visual Basic

Released in October 2000


Well, here it is at last, Acid koR.
Why is its name Acid koR?
Well, because I learned a lot from the Acid Shivers source code and
with it, I wrote my own, better (you can say it so: several new
functions added, like transfer files, msgboxes, replayable msgboxes etc.)
than Acid Shivers.
And it won't be caught by any AV, nor by any Anti-Trojan (like The Cleaner).

Sorry guys, I didn't manage to make it run on a negative port. The port is 20002.
To be used with Telnet.
When you want to transfer files, you'll need the File GUI included in the package!
I'm too lazy to write help here, so open AcidkoR, connect with loopback to it,
and write "HELP" if you want to know anything and you have a victim.
Use AsPack to compress the AcidkoR server. It isn't good code :(
Well, I'm modifying it, and I'm working hard on an ICQ notification
(not included in AcidkoR).
Bye, koR
		-------------------------------EOF-------------------------------

4.4.2k
Since I did not resolve the problems with how to rename the files,
I decided that when you send a file to the victim,
it will be saved in \windows\file64.exe
I decided on .exe, because normally you don't send other files (think so).
The server size is now ~75 kb. I used the new AsPack to reduce it.
Added a new function, to copy:
msvbvm60.dll
mswinsck.ocx
comctl32.ocx
comdlg32.ocx
automatically in the win\system dir. (the runtimes the prog needs)
Ideal for a .zip file
The program is still a little buggy, send any
info to: [email protected]
Commands:
DIR      - List Contents of Current Directory
LS       - List Contents of Current Directory
CD <dir> - Change To Specified Directory/Drive
CLS - Clear Screen
KILL - Kill Process by PID (Shown in PS)
PS - Shows Running Processes
DEL <file>  - Deletes Specified Files
PORT <#> - Change Port Acid koR Listens on (Until Next Reboot)
DESK - Change to default Windows Desktop folder
RECENT - Change to Windows Recent folder
WSFTP - Change to default WS_FTP folder
VERSION - Show Version Number of Acid koR
DRIVES - Show physical, RAM, CD-ROM, and Network drives
BOUNCE <host> <port> - Relay connection to host on port,
Control + C to abort.
S - Sendkeys to active window
MACADDR - Show ethernet stats and physical address
NAME <name> - Rename the users computer
ENV - Shows DOS Environment variables
BEEP <#> - Beeps the specified number of times
CDROM - Type 'CDROM' for more information
DIE - Terminate Acid koR
LABEL <Drive> - Rename a specified disk drive
SHUTDOWN - Type 'Shutdown' for more information
DRIVE <Drive> - Retrives information on specified drive
KS <Socket #> - Disconnect a session by socket index show in 'STATUS'
TIME - Shows users current system time
DATE - Shows users current system date
INFO - Shows some general system information about host and user
STATUS - Show the state of all sockets used since last reboot
CAT <filename> - Retrieve specified file
GET <filename> - Retrieve specified file
BCAT <filename> - Retrieve specified file in hex form
BGET <filename> - Retrieve specified file in hex form
CMD <Shell Command> - Run the specified shell command
SH <command> - Run the specified command and display results (may lock up).
MKDIR <path> - Make a new directory
RMDIR <path> - Remove a directory and all files and subdirectories inside.
CP <file1> <file2>  - copy file1 to file2
COPY <file1> <file2>  - copy file1 to file2
HIDE <PID> - Hide a task from control + alt + delete.
SHOW <PID> - Show a task from control + alt + delete.
RMSG <prompt> - inputbox (you will receive the reply)
MSG <prompt> - Message Box
Send a file through the File GUI - SEND c:\path\of\file.exe
Listens for the File GUI - LISTEN
RECV - You cannot receive through telnet. go into the file GUI

koR


Server:
dropped file:
C:\WINDOWS\MSGSVR64.EXE

size: 73.728 bytes

port: 20002 TCP

startup:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
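
The indicators in the summary above (dropped file, default port, startup keys) can be checked against data collected from a host. This is an added example, not part of the original readme or of this entry; the function names, input shapes and sample data are assumptions constructed for illustration, including the assumption that the startup value points at the dropped file.

```python
import re

# Indicators from the summary above. The readme's PORT command can move the
# listener until the next reboot, so a clean port check does not clear a host.
DEFAULT_PORT = "20002"
RUN_KEYS = {
    r"hklm\software\microsoft\windows\currentversion\runservices",
    r"hklm\software\microsoft\windows\currentversion\run",
}
# MSGSVR64.EXE is the dropped server; file64.exe is where sent files are saved.
DROPPED = re.compile(r"\\windows\\(?:msgsvr64|file64)\.exe\b", re.IGNORECASE)

def listeners(netstat_text):
    """Local endpoints listening on the default TCP port in `netstat -an` text."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == DEFAULT_PORT:
                hits.append(f[1])
    return hits

def triage(netstat_text, autoruns, files):
    """autoruns: (key, value name, command) tuples; files: full paths."""
    return {
        "listeners": listeners(netstat_text),
        "autoruns": [(k, n) for k, n, cmd in autoruns
                     if k.lower() in RUN_KEYS and DROPPED.search(cmd)],
        "files": [p for p in files if DROPPED.search(p)],
    }

# Constructed sample collection (not taken from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20002          0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1034       192.168.0.9:20002      ESTABLISHED
"""
SAMPLE_AUTORUNS = [
    (r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN", "SystemTray", "SysTray.Exe"),
    (r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES",
     "example-value", r"C:\WINDOWS\MSGSVR64.EXE"),  # value name is made up
]
SAMPLE_FILES = [r"C:\WINDOWS\NOTEPAD.EXE", r"C:\WINDOWS\MSGSVR64.EXE",
                r"C:\WINDOWS\file64.exe", r"C:\TEMP\file64.exe"]

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_NETSTAT, SAMPLE_AUTORUNS, SAMPLE_FILES).items():
        print(kind, hits)
```
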

MegaSecurity